libmicrohttpd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] MHD and PVS-Studio Analysis

From: silvioprog
Subject: Re: [libmicrohttpd] MHD and PVS-Studio Analysis
Date: Sat, 24 Mar 2018 19:34:39 -0300
Finally I made a step by step to reproduce the full report (total warnings [general analysis]: 36). Firstly, take a look at this new generated report:

https://duallsistemas.com.br/download/pvs_mhd/fullhtml2

The steps:

Download the free PVS-Studio binary from:

https://github.com/viva64/how-to-use-pvs-studio-free/releases

Now, run the following commands:

# clone MHD from trunk
git clone https://gnunet.org/git/libmicrohttpd.git
# enter into its folder
cd libmicrohttpd/
# create the boostrap scripts
./bootstrap
# configure the building environment
./configure
# mark all source for analysis
how-to-use-pvs-studio-free -c 2 -m src
# build MHD
pvs-studio-analyzer trace -- make
# analyze the code
pvs-studio-analyzer analyze
# generate the HTML report from generated log
plog-converter -a GA:1,2 -t fullhtml PVS-Studio.log -o fullhtml

Now, take a look at "fullhtml" folder, you may get an "index.html" containing all reported issues (like the link I showed above).

Result for my environment / MHD copy:

Total messages: 47
Filtered messages: 36

I would like to help to fix those issues.

On Thu, Feb 1, 2018 at 6:11 AM, Christian Grothoff <address@hidden> wrote:
Hi silvioprog,

One of the issues was clearly real (fixed in Git), the other three I
don't get.  Looking at the code, the flag can clearly go in either
direction, and the incremented dest pointer cannot be NULL (was checked
just a few lines above).

Regardless, running such tools is always a good idea and generally
helpful, so I would definitively appreciate a full run and reports (or
patches, if the reports turn out to be well-founded).

Happy hacking!

Christian

On 01/31/2018 11:30 PM, silvioprog wrote:
> Hi dudes.
>
> PVS-Studio [1] <https://www.viva64.com/en/pvs-studio> is a Russian tool
> (Windows/Linux) for bug detection in the source code of programs written
> in C/C++.
>
> The tool have been issued bugs in many popular projects like LLVM/GCC,
> cURL, OpenSSL, Doxygen, OpenCV, GTK, glibc, tor etc. The full list is
> available at PVS-Studio's inspections page [2]
> <https://www.viva64.com/en/inspections>. It has helped the authors to
> fix the reported issues [3]
> <https://github.com/curl/curl/search?q=pvs&type=Issues>.
>
> I have been using the free version of PVS-Studio for analyzing open
> source projects I use, then it reported issues [4]
> <https://duallsistemas.com.br/download/pvs_mhd/fullhtml> in "Medium
> level" in four MHD files
> <https://duallsistemas.com.br/download/pvs_mhd/fullhtml>. The attached
> tar.gz contains a few pictures showing the testing result and text files
> containing respective links to access each issue explanation.
>
> If you agree with fixing those issues, I can run a full test in all MHD
> files and share all the reported issues (I fix the ones possible for me).
>
> [1] PVS-Studio page, < https://www.viva64.com/en/pvs-studio
> <https://www.viva64.com/en/pvs-studio> >
> [2] PVS-Studio inspections, < https://www.viva64.com/en/
> <https://www.viva64.com/en/>inspections
> <https://www.viva64.com/en/inspections> >
> [3] cURL fixes based on PVS-Studio issuing,
> < https://github.com/curl/curl/search?q=pvs&type=Issues
> <https://github.com/curl/curl/search?q=pvs&type=Issues> >
> [4] first MHD report using PVS-Studio free for open source projects,
> < https://duallsistemas.com.br/download/pvs_mhd/fullhtml
> <https://duallsistemas.com.br/download/pvs_mhd/fullhtml> >
>
> --
> Silvio Clécio

--
Silvio Clécio
reply via email to
[Prev in Thread] Current Thread [Next in Thread]